1. Field of the Invention
The field of the invention is data processing, or, more specifically, methods, systems, and products for user session management for web applications.
2. Description of Related Art
Web applications delivered via the HTTP protocol represent the most popular application development architecture in practice today. The majority of these web applications comply with a security policy that includes authentication and authorization. Security policies are often implemented for web applications by third party security vendors that are separate entities from those implementing the web applications. Such security vendors implement uniform security policies across many web applications. The third party security vendor relieves the web applications from the complexity of implementing security management functions. These third party security vendors often provide single sign-on, where the user authenticates to the security vendor, and the security vendor asserts that identity to the supported web applications in a trusted fashion.
As web applications become more sophisticated and complex, these web applications can no longer be passive consumers of pre-established security policy. Examples include cases where a web application determines that a specific aspect of a user session requires additional or customized security measures not currently implemented by the third party security vendor according to its current security policy. There is therefore an ongoing need for a method, system, and computer program product for user session management for web applications that allows a web application to trigger security directives.